The heightened battle in Australian businesses against cyber attack has been highlighted by new numbers showing the average number of attacks experienced by organisations doubled in the past year, but less were successful.

Australian numbers extracted from a global "State of Cyber Resilience" study, conducted by Accenture, which surveyed 4600 enterprise security practitioners found that Australian organisations appear to have notably improved their abilities to ward off threats.

It found that on average organisations are hit with 232 focused attacks each year, but an 8 per cent increase in security spending to $89.1 billion was a contributing factor to organisations preventing 87 per cent of all focused attacks compared to 70 per cent in the last report.

The study found that increased spending was being directed towards new and emerging areas of cyber security technology, including systems looking to incorporate machine learning, artificial intelligence and automation to anticipate and react to threats.

Related Quotes

Work still to do

"Australian organisations are doing a better job of preventing data from being hacked, stolen or leaked, but they still have more work to do," Accenture's Australian security lead Joseph Failla said.

"Building and allocating investment for security measures must be a priority for those organisations that want to close the gap on attacks even further. And for those who are successful, reaching a sustainable level of cyber resilience could become a reality in the next two to three years."

In its report Accenture asserts that Australian boards and executive suites have gradually become more comfortable with the details and ramifications of adopting a more progressive view, which recognises that effective cyber strategy can also be a growth driver as well as a necessary expense.

Accenture's Australian security lead Joseph Failla (right) said Australian organisations are doing a better job of preventing data from being hacked, stolen or leaked, but they still have more work to do.
Jesse Marlow

However it suggests that senior business leadership should be aware that the positive numbers do not mean they have got the problem licked, and highlights a number of areas of concern, where overconfidence could prove problematic.

Areas of concern

"New technology is critical, but investments are lagging. Seventy-nine per cent of security leaders agree that new technology is essential, yet only two out of five say they are investing in AI, machine learning and automation technologies," Accenture writes.

"More than 80 per cent of respondents are confident about monitoring for breaches, but 67 per cent say cyber attacks are still a 'bit of a black box' and do not know when or how they will impact their organisation."

In handling this Accenture suggests the role of the chief information security officer (which still does not exist in many companies) needs to evolve and become a stronger voice in executive leadership teams.

It says finding and hiring the right cyber security specialists will become an increasingly important task in Australian organisations, with its Australian survey respondents saying the top two capabilities most needed to fill gaps in their cyber security solutions were cyber threat analytics (43 per cent) and security monitoring (48 per cent).

A further worrying statistic to come out of Accenture's study is in the seemingly random way many cyber threats are being spotted and tackled in Australian companies. While companies are detecting breaches faster, internal security teams are still only finding 57 per cent of them.

When asked how they learn about attacks they have been unable to detect, Australian respondents indicated that nearly half (48 per cent) are found by so-called white-hat hackers, who alert organisations to their flaws rather than exploiting them, and 62 per cent are discovered through a peer or competitor organisation.